1
goffy
Adoptions of uploader.php
  • 2014/7/31 9:36

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


Suggestion for adopting uploader.php

example:
Upload limit defined in module preferences: 1 MB
upload limit from upload_max_filesize directive in php.ini: 4 MB

if you try to upload a picture with 2MB, you get the error, that file size is too big, only 1MB allowed. Fine.
if you try to upload a picture with 5MB, you get the error, that file was not uploaded, but no reason. Not good.
The reason for this is, that in the $_FILES-array there is no value for $_FILES['userfile']['tmp_name'].
Comparing the defined limit with the real file size is also not possible, because $_FILES['userfile']['size'] is also empty.

To get a clear error message, uploader.php should also handle all file upload errors

In my opinion function fetchMedia should be like this
function fetchMedia($media_name$index null)
    {
        
$this->errors = array();
        if (empty(
$this->extensionToMime)) {
            
$this->setErrors(_ER_UP_MIMETYPELOAD);
            return 
false;
        }
        if (!isset(
$_FILES[$media_name])) {
            
$this->setErrors(_ER_UP_FILENOTFOUND);
            return 
false;
        } else if (
is_array($_FILES[$media_name]['name']) && isset($index)) {
            
$index intval($index);
            
$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index]) : $_FILES[$media_name]['name'][$index];
            
$this->mediaType $_FILES[$media_name]['type'][$index];
            
$this->mediaSize $_FILES[$media_name]['size'][$index];
            
$this->mediaTmpName $_FILES[$media_name]['tmp_name'][$index];
            
$this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['error'][$index] : 0;
        } else {
            
$media_name =& $_FILES[$media_name];
            
$this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name'];
            
$this->mediaType $media_name['type'];
            
$this->mediaSize $media_name['size'];
            
$this->mediaTmpName $media_name['tmp_name'];
            
$this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0;            
        }       
        if ((
$ext strrpos($this->mediaName'.')) !== false) {
            
$ext strtolower(substr($this->mediaName$ext 1));
            if (isset(
$this->extensionToMime[$ext])) {
                
$this->mediaRealType $this->extensionToMime[$ext];
            }
        }
        
//check first for file-upload errors
        
if ($this->mediaError 0) {
            
$this->setErrors(sprintf(_ER_UP_ERROROCCURRED$this->mediaError));
            switch (
$this->mediaError) {
                case 
1//UPLOAD_ERR_INI_SIZE
                    
$this->setErrors(_ER_UP_PHPERR_INI_SIZE);
                    break;
                case 
3//UPLOAD_ERR_PARTIAL
                    
$this->setErrors(_ER_UP_PHPERR_PARTIAL);
                    break;
                case 
4//UPLOAD_ERR_NO_FILE
                    
$this->setErrors(_ER_UP_PHPERR_NO_FILE);
                    break;
                case 
6//UPLOAD_ERR_NO_TMP_DIR
                    
$this->setErrors(_ER_UP_PHPERR_NO_TMP_DIR);
                    break;
                case 
7//UPLOAD_ERR_CANT_WRITE
                    
$this->setErrors(_ER_UP_PHPERR_CANT_WRITE);
                    break;
                case 
8//UPLOAD_ERR_EXTENSION
                    
$this->setErrors(_ER_UP_PHPERR_EXTENSION);
                    break;                
                case 
2//UPLOAD_ERR_FORM_SIZE, should be done by checkMaxFileSize
                
case 0//UPLOAD_ERR_OK: no error
                
default:
                    break;
            }
            return 
false;
        }
        
//than checks by xoopsuploader
        
if (intval($this->mediaSize) < 0) {
            
$this->setErrors(_ER_UP_INVALIDFILESIZE);
            return 
false;
        }
        if (
$this->mediaName == '') {
            
$this->setErrors(_ER_UP_FILENAMEEMPTY);
            return 
false;
        }
        if (
$this->mediaTmpName == 'none' || ! is_uploaded_file($this->mediaTmpName)) {
            
$this->setErrors(_ER_UP_NOFILEUPLOADED);
            return 
false;
        }
        return 
true;
    }


We would need following new lang vars:
define('_ER_UP_PHPERR_INI_SIZE',        'The uploaded file exceeds the upload_max_filesize directive in php.ini');
define('_ER_UP_PHPERR_PARTIAL',         'The uploaded file was only partially uploaded');
define('_ER_UP_PHPERR_NO_FILE',         'No file was uploaded');
define('_ER_UP_PHPERR_NO_TMP_DIR',      'Missing a temporary folder');
define('_ER_UP_PHPERR_CANT_WRITE',      'Failed to write file to disk');
define('_ER_UP_PHPERR_EXTENSION',       'A PHP extension stopped the file upload');


Now we get a clear error: Quote:
'Error occured: error #%s. The uploaded file exceeds the upload_max_filesize directive in php.ini'


Any other suggestions/opinions?

2
goffy
Re: Adoptions of uploader.php
  • 2014/7/31 9:38

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


Additional comment:
Quote:
'Error occured: error #1. ...'

What does us the error number say? Only, that this is the first error. If we use error numbers, that real error numbers (each number means a specific error).

3
luciorota
Re: Adoptions of uploader.php
  • 2014/8/5 21:01

  • luciorota

  • Module Developer

  • Posts: 216

  • Since: 2007/4/20


it seems to be a good idea

Login

Who's Online

213 user(s) are online (111 user(s) are browsing Support Forums)


Members: 0


Guests: 213


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits